Build Matrix of Binaries #246
---
name: Build Matrix of Binaries

# 'on' is quoted so YAML 1.1 parsers do not read the key as a boolean.
'on':
  push:
    # GitHub filter patterns, not regular expressions: the trailing "*"
    # matches any suffix, so v1.2.3-rc1 style tags also trigger a build.
    tags:
      - "v[0-9]+.[0-9]+.[0-9]*"
    branches:
      - "build-all-*"
      - "build-bins-*"
  schedule:
    # Nightly at 00:05 (GitHub evaluates cron schedules in UTC).
    - cron: "05 00 * * *"
  workflow_dispatch:
    inputs:
      customTag:
        description: "Development Tag"
        required: true
        default: "development-tag"
# Workflow-level environment, inherited by every job and step.
# NOTE(review): later steps read TS_LIBRARIES and env.TARI_NETWORK_DIR, and
# neither is set in this block; confirm an empty value is intended.
env:
  TS_FILENAME: "sha_p2pool"
  TS_BUNDLE_ID_BASE: "com.tarilabs"
  # Suffix of the file that collects all SHA-256 digests in create-release.
  TS_SIG_FN: "sha256-unsigned.txt"
  # Must be a JSON string; the build steps parse it with jq.
  TS_FILES: '["sha_p2pool"]'
  toolchain: nightly-2024-03-01
  matrix-json-file: ".github/workflows/build_binaries.json"
  CARGO_HTTP_MULTIPLEXING: false
  CARGO_UNSTABLE_SPARSE_REGISTRY: true
  CARGO: cargo
  CARGO_OPTIONS: "--release"
  CARGO_CACHE: true
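concurrency:
  # https://docs.github.com/en/actions/examples/using-concurrency-expressions-and-a-test-matrix
  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
  # Cancel a superseded run unless it is building a release tag or one of
  # the long-lived branches. The tests are joined with "&&": a chain of
  # "!=" comparisons joined with "||" is true for every ref, which would
  # also cancel an in-flight release build.
  cancel-in-progress: ${{ !startsWith(github.ref, 'refs/tags/v') && github.ref != 'refs/heads/development' && github.ref != 'refs/heads/nextnet' && github.ref != 'refs/heads/stagenet' }}
# GITHUB_TOKEN gets no scopes by default; a job that needs one declares it.
permissions: {}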
jobs:
  # Reads the matrix file from the repository and publishes the enabled
  # targets as a JSON job output. Later jobs paste values from this JSON
  # into shell scripts through ${{ matrix.builds.* }}, so changes to the
  # matrix file deserve the same review as changes to the scripts.
  matrix-prep:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: false

      - name: Set Matrix
        id: set-matrix
        run: |
          #
          # build all targets images
          # matrix=$( jq -s -c .[] .github/workflows/build_binaries.json )
          #
          # build only single target image
          # matrix_selection=$( jq -c '.[] | select( ."name" == "windows-x64" )' ${{ env.matrix-json-file }} )
          # matrix_selection=$( jq -c '.[] | select( ."name" | contains("macos") )' ${{ env.matrix-json-file }} )
          #
          # build select target images - build_enabled
          matrix_selection=$( jq -c '.[] | select( ."build_enabled" != false )' ${{ env.matrix-json-file }} )
          #
          # Setup the json build matrix
          matrix=$(echo ${matrix_selection} | jq -s -c '{"builds": .}')
          echo $matrix
          echo $matrix | jq .
          # jq -c emits one line, which the key=value output format requires.
          echo "matrix=${matrix}" >> $GITHUB_OUTPUT
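matrix-check:
  # Debug matrix; disabled unless the condition below is changed.
  if: ${{ false }}
  runs-on: ubuntu-latest
  needs: matrix-prep
  steps:
    - name: Install json2yaml
      # NOTE(review): installs the latest published version with sudo;
      # pin a version if this job is ever re-enabled.
      run: |
        sudo npm install -g json2yaml
    - name: Check matrix definition
      env:
        # Hand the JSON over as an environment variable. Pasting it into
        # the script between single quotes would let a quote inside any
        # matrix value end the string and run as shell code.
        MATRIX_JSON: ${{ needs.matrix-prep.outputs.matrix }}
      run: |
        matrix="${MATRIX_JSON}"
        echo "${matrix}"
        echo "${matrix}" | jq .
        echo "${matrix}" | json2yaml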
# One build per matrix entry. The job declares no permissions of its own,
# so the workflow-level "permissions: {}" applies to it.
builds:
  name: Building ${{ matrix.builds.name }} on ${{ matrix.builds.runs-on }}
  needs: matrix-prep
  # Targets flagged best_effort in the matrix may fail without failing the run.
  continue-on-error: ${{ matrix.builds.best_effort || false }}
  outputs:
    TARI_VERSION: ${{ steps.set-tari-vars.outputs.TARI_VERSION }}
    VSHA_SHORT: ${{ steps.set-tari-vars.outputs.VSHA_SHORT }}
  strategy:
    fail-fast: false
    matrix: ${{ fromJson(needs.matrix-prep.outputs.matrix) }}
  runs-on: ${{ matrix.builds.runs-on }}
  steps:
    - name: Checkout source code
      uses: actions/checkout@v4
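# Derives the branch, short commit id, crate version, --bin list and CPU
# name, and exports them to later steps (GITHUB_ENV) and to the job outputs.
- name: Declare Global Variables 4 GHA ${{ github.event_name }}
  id: set-tari-vars
  shell: bash
  run: |
    # Read the ref name from the runner-provided GITHUB_REF_NAME variable.
    # Expanding github.ref_name with the template engine would paste the
    # branch or tag name into this script, where it is parsed as shell
    # code, and the push triggers accept arbitrary "build-all-*" names.
    echo "VBRANCH=${GITHUB_REF_NAME}" >> $GITHUB_ENV
    VSHA_SHORT=$(git rev-parse --short HEAD)
    echo "VSHA_SHORT=${VSHA_SHORT}" >> $GITHUB_ENV
    echo "VSHA_SHORT=${VSHA_SHORT}" >> $GITHUB_OUTPUT
    # Crate version taken from the "version = ..." line(s) of Cargo.toml.
    TARI_VERSION=$(awk -F ' = ' '$1 ~ /^version/ \
      { gsub(/["]/, "", $2); printf("%s",$2) }' \
      "$GITHUB_WORKSPACE/Cargo.toml")
    echo "TARI_VERSION=${TARI_VERSION}" >> $GITHUB_ENV
    echo "TARI_VERSION=${TARI_VERSION}" >> $GITHUB_OUTPUT
    # Binaries to build: the matrix entry's target_bins if set, otherwise
    # the workflow-wide TS_FILES list. The matrix.builds.* values come from
    # the repository's matrix file and are pasted in by the template engine.
    TARGET_BINS=""
    if [[ "${{ matrix.builds.target_bins }}" == "" ]]; then
      ARRAY_BINS=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
    else
      ARRAY_BINS=( $(echo "${{ matrix.builds.target_bins }}" | tr ', ' '\n') )
    fi
    for BIN_FILE in "${ARRAY_BINS[@]}"; do
      echo "Adding ${BIN_FILE} to Builds"
      TARGET_BINS+="--bin ${BIN_FILE} "
    done
    echo "TARGET_BINS=${TARGET_BINS}" >> $GITHUB_ENV
    TARI_BUILD_ISA_CPU=${{ matrix.builds.target }}
    # Strip unknown part
    TARI_BUILD_ISA_CPU=${TARI_BUILD_ISA_CPU//-unknown-linux-gnu}
    # Strip gc used by rust
    TARI_BUILD_ISA_CPU=${TARI_BUILD_ISA_CPU//gc}
    echo "TARI_BUILD_ISA_CPU=${TARI_BUILD_ISA_CPU}" >> $GITHUB_ENV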
# Set only on the nightly cron trigger. No step visible in this workflow
# reads S3_DEST_OVERRIDE afterwards.
- name: Scheduled Destination Folder Override
  if: ${{ github.event_name == 'schedule' && github.event.schedule == '05 00 * * *' }}
  shell: bash
  run: |
    echo "S3_DEST_OVERRIDE=daily/" >> $GITHUB_ENV

# NOTE(review): "@master" is a moving ref, so whatever is on that branch at
# run time executes in the job that compiles the release binaries. Pinning
# the action to a full commit SHA makes the build reproducible.
- name: Setup Rust toolchain
  uses: dtolnay/rust-toolchain@master
  with:
    components: rustfmt, clippy
    # The toolchain comes from the matrix entry, not from env.toolchain.
    toolchain: ${{ matrix.builds.rust }}
    targets: ${{ matrix.builds.target }}
# Native Linux builds (not using cross): install the build dependencies
# with the repository's own script, run as root.
- name: Install Linux dependencies - Ubuntu
  if: ${{ startsWith(runner.os,'Linux') && ( ! matrix.builds.cross ) }}
  run: |
    sudo apt-get update
    sudo bash scripts/install_ubuntu_dependencies.sh

# Same condition as above, minus the linux-x86_64 entry: adds the
# cross-compile packages for the CPU derived from the matrix target.
- name: Install Linux dependencies - Ubuntu - cross-compiled ${{ env.TARI_BUILD_ISA_CPU }} on x86-64
  if: ${{ startsWith(runner.os,'Linux') && ( ! matrix.builds.cross ) && matrix.builds.name != 'linux-x86_64' }}
  run: |
    sudo apt-get update
    sudo bash scripts/install_ubuntu_dependencies-cross_compile.sh ${{ env.TARI_BUILD_ISA_CPU }}
    rustup target add ${{ matrix.builds.target }}
    echo "PKG_CONFIG_SYSROOT_DIR=/usr/${{ env.TARI_BUILD_ISA_CPU }}-linux-gnu/" >> $GITHUB_ENV
- name: Install macOS dependencies
  if: startsWith(runner.os,'macOS')
  run: |
    # Already installed items
    # brew install openssl cmake autoconf zip
    brew install coreutils automake protobuf
    rustup target add ${{ matrix.builds.target }}

# NOTE(review): "choco upgrade" and "vcpkg install" fetch whatever version
# is current at run time, so the Windows toolchain can differ between runs.
- name: Install Windows dependencies
  if: startsWith(runner.os,'Windows')
  run: |
    vcpkg.exe install sqlite3:x64-windows zlib:x64-windows
    # Bug in choco - need to install each package individually
    choco upgrade llvm -y
    # psutils is out of date
    # choco upgrade psutils -y
    choco upgrade openssl -y
    # Should already be installed
    # choco upgrade strawberryperl -y
    choco upgrade protoc -y
# Defaults for every non-Windows runner. SHARUN is the checksum command
# reused by the archive and verification steps.
- name: Set environment variables - Nix
  if: ${{ ! startsWith(runner.os,'Windows') }}
  shell: bash
  run: |
    echo "SHARUN=shasum --algorithm 256" >> $GITHUB_ENV
    echo "CC=gcc" >> $GITHUB_ENV
    echo "TS_EXT=" >> $GITHUB_ENV
    echo "SHELL_EXT=.sh" >> $GITHUB_ENV
    echo "PLATFORM_SPECIFIC_DIR=linux" >> $GITHUB_ENV
    echo "TS_DIST=/dist" >> $GITHUB_ENV

# Runs after the step above, so on macOS PLATFORM_SPECIFIC_DIR ends up "osx".
- name: Set environment variables - macOS
  if: startsWith(runner.os,'macOS')
  shell: bash
  run: |
    echo "PLATFORM_SPECIFIC_DIR=osx" >> $GITHUB_ENV
    echo "LIB_EXT=.dylib" >> $GITHUB_ENV

# Hardcoded sdk for MacOSX on ARM64
- name: Set environment variables - macOS - ARM64 (pin/sdk)
  # Debug; disabled by the constant condition.
  if: ${{ false }}
  # if: ${{ startsWith(runner.os,'macOS') && matrix.builds.name == 'macos-arm64' }}
  run: |
    xcrun --show-sdk-path
    ls -alhtR "/Library/Developer/CommandLineTools/SDKs/"
    echo "RANDOMX_RS_CMAKE_OSX_SYSROOT=/Library/Developer/CommandLineTools/SDKs/MacOSX12.1.sdk" >> $GITHUB_ENV

- name: Set environment variables - Ubuntu
  if: startsWith(runner.os,'Linux')
  shell: bash
  run: |
    echo "LIB_EXT=.so" >> $GITHUB_ENV
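# Windows equivalents of the variables set for the other platforms.
- name: Set environment variables - Windows
  if: startsWith(runner.os,'Windows')
  shell: bash
  run: |
    # echo "SHARUN=pwsh C:\ProgramData\chocolatey\lib\psutils\tools\psutils-master\shasum.ps1 --algorithm 256" >> $GITHUB_ENV
    mkdir -p "$GITHUB_WORKSPACE\psutils"
    # These two scripts become SHARUN, the tool that computes the digests
    # shipped next to the Windows artifacts. --fail stops the step on an
    # HTTP error instead of saving the error page as a script, and --proto
    # refuses a redirect to anything but HTTPS.
    # NOTE(review): the URLs follow the "master" branch and nothing checks
    # the downloaded content. Fetch from a reviewed commit and compare
    # against a recorded SHA-256, or vendor the scripts in this repository.
    curl -v --fail --proto '=https' -o "$GITHUB_WORKSPACE\psutils\getopt.ps1" "https://raw.githubusercontent.com/lukesampson/psutils/master/getopt.ps1"
    curl -v --fail --proto '=https' -o "$GITHUB_WORKSPACE\psutils\shasum.ps1" "https://raw.githubusercontent.com/lukesampson/psutils/master/shasum.ps1"
    echo "SHARUN=pwsh $GITHUB_WORKSPACE\psutils\shasum.ps1 --algorithm 256" >> $GITHUB_ENV
    echo "TS_EXT=.exe" >> $GITHUB_ENV
    echo "LIB_EXT=.dll" >> $GITHUB_ENV
    echo "SHELL_EXT=.bat" >> $GITHUB_ENV
    echo "TS_DIST=\dist" >> $GITHUB_ENV
    echo "PLATFORM_SPECIFIC_DIR=windows" >> $GITHUB_ENV
    echo "SQLITE3_LIB_DIR=C:\vcpkg\installed\x64-windows\lib" >> $GITHUB_ENV
    echo "OPENSSL_DIR=C:\Program Files\OpenSSL-Win64" >> $GITHUB_ENV
    echo "LIBCLANG_PATH=C:\Program Files\LLVM\bin" >> $GITHUB_ENV
    echo "C:\Strawberry\perl\bin" >> $GITHUB_PATH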
# The cache is skipped for release tags and for cross builds, so a tagged
# release is never compiled on top of restored build outputs.
- name: Cache cargo files and outputs
  if: ${{ ( ! startsWith(github.ref, 'refs/tags/v') ) && ( ! matrix.builds.cross ) && ( env.CARGO_CACHE ) }}
  uses: swatinem/rust-cache@v2
  with:
    key: ${{ matrix.builds.target }}
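# For matrix entries flagged "cross": install cross and make it the build
# command for the later steps.
- name: Install and setup cargo cross
  if: ${{ matrix.builds.cross }}
  shell: bash
  run: |
    #cargo install cross
    # --locked builds cross with the dependency versions recorded in its own
    # Cargo.lock instead of resolving fresh ones on every run.
    # NOTE(review): this still installs whatever the default branch holds at
    # run time; add --rev or --tag with a reviewed revision to pin the tool
    # that compiles the release binaries.
    cargo install cross --git https://github.com/cross-rs/cross --locked
    echo "CARGO=cross" >> $GITHUB_ENV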
# Disabled. When enabled it would wrap the build in cargo-auditable, which
# records the dependency list inside the binary.
- name: Install and setup cargo-auditable
  if: ${{ false }}
  # if: ${{ startsWith(github.ref, 'refs/tags/v') }}
  shell: bash
  run: |
    cargo install cargo-auditable
    echo "CARGO=${{ env.CARGO }} auditable" >> $GITHUB_ENV
    echo "CARGO_OPTIONS=${{ env.CARGO_OPTIONS }} --release" >> $GITHUB_ENV

# Prints the effective build command so the log shows how it was built.
- name: Show command used for Cargo
  shell: bash
  run: |
    echo "cargo command is: ${{ env.CARGO }}"
    echo "cargo options is: ${{ env.CARGO_OPTIONS }}"
    echo "cross flag: ${{ matrix.builds.cross }}"
# Compiles the selected binaries for the matrix target. --locked makes the
# build fail rather than resolve dependencies that differ from Cargo.lock.
# Every ${{ ... }} value below is pasted into the command line as text.
- name: Build release binaries
  shell: bash
  run: |
    ${{ env.CARGO }} build ${{ env.CARGO_OPTIONS }} \
      --target ${{ matrix.builds.target }} \
      ${{ env.TARGET_BINS }} \
      ${{ matrix.builds.flags }} --locked
# Collects the built binaries and libraries into the dist folder and
# exports BINFILE (archive base name) and MTS_SOURCE (dist folder path).
- name: Copy binaries to folder for archiving
  shell: bash
  run: |
    # set -xo pipefail
    mkdir -p "$GITHUB_WORKSPACE${TS_DIST}"
    cd "$GITHUB_WORKSPACE${TS_DIST}"
    BINFILE="${TS_FILENAME}-${TARI_VERSION}-${VSHA_SHORT}-${{ matrix.builds.name }}${TS_EXT}"
    echo "BINFILE=${BINFILE}" >> $GITHUB_ENV
    echo "Copying files for ${BINFILE} to $(pwd)"
    echo "MTS_SOURCE=$(pwd)" >> $GITHUB_ENV
    ls -alht "$GITHUB_WORKSPACE/target/${{ matrix.builds.target }}/release/"
    # A binary named in TS_FILES that was not built is skipped silently.
    ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
    for FILE in "${ARRAY_FILES[@]}"; do
      echo "checking for file - ${FILE}${TS_EXT}"
      if [ -f "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/${FILE}${TS_EXT}" ]; then
        cp -vf "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/${FILE}${TS_EXT}" .
      fi
    done
    # Libraries: the matrix entry's target_libs if set, else TS_LIBRARIES.
    if [[ "${{ matrix.builds.target_libs }}" == "" ]]; then
      ARRAY_LIBS=( $(echo ${TS_LIBRARIES} | tr ', ' '\n') )
    else
      ARRAY_LIBS=( $(echo "${{ matrix.builds.target_libs }}" | tr ', ' '\n') )
    fi
    for FILE in "${ARRAY_LIBS[@]}"; do
      echo "checking for file - ${FILE}${TS_EXT}"
      # Check on Nix for libs
      if [ -f "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/lib${FILE}${LIB_EXT}" ]; then
        cp -vf "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/lib${FILE}${LIB_EXT}" .
      fi
      # Check on Windows libs
      if [ -f "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/${FILE}${LIB_EXT}" ]; then
        cp -vf "${GITHUB_WORKSPACE}/target/${{ matrix.builds.target }}/release/${FILE}${LIB_EXT}" .
      fi
    done
    # Values written to GITHUB_ENV reach only later steps, so the
    # expression below is empty here and this lists the current directory.
    ls -alhtR ${{ env.MTS_SOURCE }}
# Disabled. Would publish the unsigned macOS files as a workflow artifact.
- name: Pre/unsigned OSX Artifact upload for Archive
  if: ${{ false }}
  # if: startsWith(runner.os,'macOS')
  continue-on-error: true
  uses: actions/upload-artifact@v4
  with:
    name: ${{ env.TS_FILENAME }}_unsigned-archive-${{ matrix.builds.name }}
    path: "${{ env.MTS_SOURCE }}/*"
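# Disabled. Signs the binaries, builds and notarizes a .pkg, then writes
# and checks its SHA-256. Signing secrets are scoped to this step only.
- name: Build the macOS pkg
  if: ${{ false }}
  # if: startsWith(runner.os,'macOS')
  continue-on-error: true
  env:
    MACOS_KEYCHAIN_PASS: ${{ secrets.MACOS_KEYCHAIN_PASS }}
    MACOS_APPLICATION_ID: ${{ secrets.MACOS_APPLICATION_ID }}
    MACOS_APPLICATION_CERT: ${{ secrets.MACOS_APPLICATION_CERT }}
    MACOS_APPLICATION_PASS: ${{ secrets.MACOS_APPLICATION_PASS }}
    MACOS_INSTALLER_ID: ${{ secrets.MACOS_INSTALLER_ID }}
    MACOS_INSTALLER_CERT: ${{ secrets.MACOS_INSTALLER_CERT }}
    MACOS_INSTALLER_PASS: ${{ secrets.MACOS_INSTALLER_PASS }}
    MACOS_NOTARIZE_USERNAME: ${{ secrets.MACOS_NOTARIZE_USERNAME }}
    MACOS_NOTARIZE_PASSWORD: ${{ secrets.MACOS_NOTARIZE_PASSWORD }}
    MACOS_ASC_PROVIDER: ${{ secrets.MACOS_ASC_PROVIDER }}
  run: |
    echo $MACOS_APPLICATION_CERT | base64 --decode > application.p12
    echo $MACOS_INSTALLER_CERT | base64 --decode > installer.p12
    # Passwords are quoted so that a space or glob character in a secret
    # cannot split the argument or expand against the file system.
    security create-keychain -p "$MACOS_KEYCHAIN_PASS" build.keychain
    security default-keychain -s build.keychain
    security unlock-keychain -p "$MACOS_KEYCHAIN_PASS" build.keychain
    security import application.p12 -k build.keychain -P "$MACOS_APPLICATION_PASS" -T /usr/bin/codesign
    security import installer.p12 -k build.keychain -P "$MACOS_INSTALLER_PASS" -T /usr/bin/pkgbuild
    # The identities are in the keychain now; do not leave the decoded
    # certificate files in the workspace for later steps to pick up.
    rm -f application.p12 installer.p12
    security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_KEYCHAIN_PASS" build.keychain
    if [[ "${{ matrix.builds.name }}" == "macos-arm64" ]]; then
      echo "Add codesign extra args for ${{ matrix.builds.name }}"
      OSX_CODESIGN_EXTRAS="--entitlements ${GITHUB_WORKSPACE}/applications/minotari_node/osx-pkg/entitlements.xml"
    fi
    cd buildtools
    export target_release="target/${{ matrix.builds.target }}/release"
    mkdir -p "${{ runner.temp }}/osxpkg"
    export tarball_parent="${{ runner.temp }}/osxpkg"
    export tarball_source="${{ env.TARI_NETWORK_DIR }}"
    ./create_osx_install_zip.sh unused nozip
    ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
    find "${GITHUB_WORKSPACE}/${target_release}" \
      -name "randomx-*" -type f -perm -+x \
      -exec cp -vf {} "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/" \;
    FILES_DIAG_UTILS=( \
      $(find "${GITHUB_WORKSPACE}/${target_release}" \
        -name "randomx-*" -type f -perm -+x \
        -exec sh -c 'echo "$(basename "{}")"' \; \
      ) \
    )
    ARRAY_FILES+=(${FILES_DIAG_UTILS[@]})
    # Sign each file with the hardened runtime, verify the signature, then
    # copy the signed file back into the dist folder.
    for FILE in "${ARRAY_FILES[@]}"; do
      codesign --options runtime --force --verify --verbose --timestamp ${OSX_CODESIGN_EXTRAS} \
        --prefix "${{ env.TS_BUNDLE_ID_BASE }}.${{ env.TS_FILENAME }}." \
        --sign "Developer ID Application: $MACOS_APPLICATION_ID" \
        "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE"
      codesign --verify --deep --display --verbose=4 \
        "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE"
      cp -vf "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE" \
        "${{ env.MTS_SOURCE }}"
    done
    distDirPKG=$(mktemp -d -t ${{ env.TS_FILENAME }})
    echo "${distDirPKG}"
    echo "distDirPKG=${distDirPKG}" >> $GITHUB_ENV
    TS_Temp=${{ env.TS_FILENAME }}
    TS_BUNDLE_ID_VALID_NAME=$(echo "${TS_Temp//_/-}")
    # Strip apple-darwin. The target is stored in a variable first: putting
    # the template expression inside ${...} makes bash read the rendered
    # target as "<name>-<default>" and return the default text instead.
    TS_TARGET="${{ matrix.builds.target }}"
    TS_ARCH="${TS_TARGET//-apple-darwin/}"
    pkgbuild --root "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}" \
      --identifier "${{ env.TS_BUNDLE_ID_BASE }}.pkg.${TS_BUNDLE_ID_VALID_NAME}" \
      --version "${TARI_VERSION}" \
      --install-location "/tmp/tari" \
      --scripts "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/scripts" \
      --sign "Developer ID Installer: ${MACOS_INSTALLER_ID}" \
      "${distDirPKG}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg"
    echo -e "Submitting to Apple...\n\n"
    xcrun notarytool submit \
      "${distDirPKG}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg" \
      --apple-id "${MACOS_NOTARIZE_USERNAME}" \
      --password "${MACOS_NOTARIZE_PASSWORD}" \
      --team-id "${MACOS_ASC_PROVIDER}" \
      --verbose --wait 2>&1 | tee -a notarisation.result
    # Maybe use line from with "Processing complete"?
    # The pipe into tee hides notarytool's exit status, so the result is
    # read back from the captured output instead.
    requestUUID=$(tail -n5 notarisation.result | grep "id:" | cut -d" " -f 4)
    requestSTATUS=$(tail -n5 notarisation.result | grep "\ \ status:" | cut -d" " -f 4)
    if [[ ${requestUUID} == "" ]] || [[ ${requestSTATUS} != "Accepted" ]]; then
      echo "## status: ${requestSTATUS} - could not notarize - ${requestUUID} - ${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg"
      exit 1
    else
      echo "Notarization RequestUUID: ${requestUUID}"
      echo -e "\nStapling package...\
        ${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg\n"
      xcrun stapler staple -v \
        "${distDirPKG}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg"
    fi
    cd "${distDirPKG}"
    echo "Compute pkg shasum"
    ${SHARUN} "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg" \
      >> "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg.sha256"
    cat "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg.sha256"
    echo "Checksum verification for pkg is "
    ${SHARUN} --check "${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg.sha256"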
# Disabled. Would publish the notarized .pkg together with its .sha256 file.
- name: Artifact upload for macOS pkg
  if: ${{ false }}
  # if: startsWith(runner.os,'macOS')
  continue-on-error: true
  uses: actions/upload-artifact@v4
  with:
    name: ${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}.pkg
    path: "${{ env.distDirPKG }}/${{ env.TS_FILENAME }}-${{ matrix.builds.name }}-${{ env.TARI_VERSION }}*.pkg*"
# Signs the .exe and .dll files in the dist folder with Azure Trusted
# Signing. The secret is mirrored into env only so the condition can test
# it. NOTE(review): when the secret is empty the step is skipped and the
# later steps archive the Windows binaries unsigned without failing; a
# tagged release may deserve a hard failure here.
- name: Sign files with Trusted Signing (windows binaries)
  if: ${{ ( startsWith(runner.os,'Windows') ) && ( env.AZURE_TENANT_ID != '' ) }}
  env:
    AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
  # NOTE(review): pinned to a tag; a full commit SHA is the stronger pin
  # for an action that receives signing credentials.
  uses: azure/trusted-signing-action@v0.5.0
  with:
    azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
    azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
    azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
    endpoint: https://eus.codesigning.azure.net/
    trusted-signing-account-name: Tari
    certificate-profile-name: Tarilabs
    files-folder: ${{ github.workspace }}${{ env.TS_DIST }}/
    files-folder-filter: exe,dll
    file-digest: SHA256
    timestamp-rfc3161: http://timestamp.acs.microsoft.com
    timestamp-digest: SHA256
# Disabled. Builds the Inno Setup installer and writes its SHA-256 file.
- name: Build the Windows installer
  if: ${{ false }}
  # if: startsWith(runner.os,'Windows')
  continue-on-error: true
  shell: cmd
  run: |
    cd buildtools
    "%programfiles(x86)%\Inno Setup 6\iscc.exe" "/DMyAppVersion=${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer" "/DMinotariSuite=${{ env.TS_FILENAME }}" "/DTariSuitePath=${{ github.workspace }}${{ env.TS_DIST }}" "windows_inno_installer.iss"
    cd Output
    echo "Compute archive shasum"
    ${{ env.SHARUN }} "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe" >> "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe.sha256"
    echo "Show the shasum"
    cat "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe.sha256"
    echo "Checksum verification archive is "
    ${{ env.SHARUN }} --check "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}-${{ env.VSHA_SHORT }}-${{ matrix.builds.name }}-installer.exe.sha256"

# Disabled. Would publish everything in the installer output folder.
- name: Artifact upload for Windows installer
  if: ${{ false }}
  # if: startsWith(runner.os,'Windows')
  continue-on-error: true
  uses: actions/upload-artifact@v4
  with:
    name: "${{ env.TS_FILENAME }}_windows_installer"
    path: "${{ github.workspace }}/buildtools/Output/*"
# Writes a SHA-256 list for the files in the dist folder, zips them with
# that list, and writes a second digest for the zip itself. Both digests
# are produced by the same job that built the files, so they detect
# corruption in transit rather than prove where a file came from.
- name: Archive and Checksum Binaries
  shell: bash
  run: |
    echo "Archive ${{ env.BINFILE }} too ${{ env.BINFILE }}.zip"
    cd "${{ env.MTS_SOURCE }}"
    echo "Compute files shasum"
    ${SHARUN} * >> "${{ env.BINFILE }}.sha256"
    echo "Show the shasum"
    cat "${{ env.BINFILE }}.sha256"
    echo "Checksum verification for files is "
    ${SHARUN} --check "${{ env.BINFILE }}.sha256"
    7z a "${{ env.BINFILE }}.zip" *
    echo "Compute archive shasum"
    ${SHARUN} "${{ env.BINFILE }}.zip" >> "${{ env.BINFILE }}.zip.sha256"
    echo "Show the shasum"
    cat "${{ env.BINFILE }}.zip.sha256"
    echo "Checksum verification archive is "
    ${SHARUN} --check "${{ env.BINFILE }}.zip.sha256"

# Publishes the zip and its .sha256 file for the downstream jobs.
- name: Artifact upload for Archive
  uses: actions/upload-artifact@v4
  with:
    name: ${{ env.TS_FILENAME }}_archive-${{ matrix.builds.name }}
    path: "${{ github.workspace }}${{ env.TS_DIST }}/${{ env.BINFILE }}.zip*"
# Merges the x86_64 and arm64 macOS builds into universal binaries.
# continue-on-error lets the run succeed when this job fails, and
# create-release depends only on "builds", so a release can be drafted
# without the universal artifacts.
macOS-universal-assemble:
  name: macOS universal assemble
  needs: builds
  env:
    TARI_VERSION: ${{ needs.builds.outputs.TARI_VERSION }}
    VSHA_SHORT: ${{ needs.builds.outputs.VSHA_SHORT }}
    SHARUN: "shasum --algorithm 256"
  continue-on-error: true
  runs-on: macos-14
  steps:
    - name: Checkout source code
      uses: actions/checkout@v4

    - name: Download macOS binaries
      uses: actions/download-artifact@v4
      with:
        path: osxuni
        # macos - x86_64 / arm64
        pattern: ${{ env.TS_FILENAME }}_archive-macos-*
        merge-multiple: true

    # Common file-name prefix shared by the per-architecture archives.
    - name: Set environment variables for macOS universal
      shell: bash
      run: |
        BINFN="${TS_FILENAME}-${TARI_VERSION}-${VSHA_SHORT}"
        echo "BINFN=${BINFN}" >> $GITHUB_ENV
- name: Install macOS dependencies
  shell: bash
  run: |
    brew install coreutils

# Checks each downloaded zip against the .sha256 file that travelled in the
# same artifact, then unpacks both architectures side by side. The check
# catches a damaged download; it is not evidence of who built the file.
- name: Verify checksums and extract
  shell: bash
  working-directory: osxuni
  run: |
    ls -alhtR
    ${SHARUN} --ignore-missing --check \
      "${{ env.BINFN }}-macos-x86_64.zip.sha256"
    ${SHARUN} --ignore-missing --check \
      "${{ env.BINFN }}-macos-arm64.zip.sha256"
    ls -alhtR
    mkdir macos-universal macos-x86_64 macos-arm64
    cd macos-x86_64
    7z e "../${{ env.BINFN }}-macos-x86_64.zip"
    cd ../macos-arm64
    7z e "../${{ env.BINFN }}-macos-arm64.zip"
# Uses lipo to join the two single-architecture files of each binary and
# library into one universal file under macos-universal/.
- name: Assemble macOS universal binaries
  shell: bash
  working-directory: osxuni
  run: |
    ls -alhtR
    ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
    for FILE in "${ARRAY_FILES[@]}"; do
      echo "processing binary file - ${FILE}"
      lipo -create -output macos-universal/${FILE} \
        macos-x86_64/${FILE} \
        macos-arm64/${FILE}
    done
    # TS_LIBRARIES is not set in the workflow env block; if it is empty the
    # loop below does nothing.
    ARRAY_LIBS=( $(echo ${TS_LIBRARIES} | tr ', ' '\n') )
    for FILE in "${ARRAY_LIBS[@]}"; do
      echo "processing library file - lib${FILE}.dylib"
      lipo -create -output macos-universal/lib${FILE}.dylib \
        macos-x86_64/lib${FILE}.dylib \
        macos-arm64/lib${FILE}.dylib
    done
    ls -alhtR macos-universal
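# Signs the universal binaries, builds and notarizes a .pkg, then writes
# and checks its SHA-256. Signing secrets are scoped to this step only.
# continue-on-error means a signing or notarization failure does not stop
# the job; the unsigned binaries are still archived by the later steps.
- name: Build the macOS universal pkg
  continue-on-error: true
  env:
    MACOS_KEYCHAIN_PASS: ${{ secrets.MACOS_KEYCHAIN_PASS }}
    MACOS_APPLICATION_ID: ${{ secrets.MACOS_APPLICATION_ID }}
    MACOS_APPLICATION_CERT: ${{ secrets.MACOS_APPLICATION_CERT }}
    MACOS_APPLICATION_PASS: ${{ secrets.MACOS_APPLICATION_PASS }}
    MACOS_INSTALLER_ID: ${{ secrets.MACOS_INSTALLER_ID }}
    MACOS_INSTALLER_CERT: ${{ secrets.MACOS_INSTALLER_CERT }}
    MACOS_INSTALLER_PASS: ${{ secrets.MACOS_INSTALLER_PASS }}
    MACOS_NOTARIZE_USERNAME: ${{ secrets.MACOS_NOTARIZE_USERNAME }}
    MACOS_NOTARIZE_PASSWORD: ${{ secrets.MACOS_NOTARIZE_PASSWORD }}
    MACOS_ASC_PROVIDER: ${{ secrets.MACOS_ASC_PROVIDER }}
  run: |
    echo $MACOS_APPLICATION_CERT | base64 --decode > application.p12
    echo $MACOS_INSTALLER_CERT | base64 --decode > installer.p12
    # Passwords are quoted so that a space or glob character in a secret
    # cannot split the argument or expand against the file system.
    security create-keychain -p "$MACOS_KEYCHAIN_PASS" build.keychain
    security default-keychain -s build.keychain
    security unlock-keychain -p "$MACOS_KEYCHAIN_PASS" build.keychain
    security import application.p12 -k build.keychain -P "$MACOS_APPLICATION_PASS" -T /usr/bin/codesign
    security import installer.p12 -k build.keychain -P "$MACOS_INSTALLER_PASS" -T /usr/bin/pkgbuild
    # The identities are in the keychain now; do not leave the decoded
    # certificate files in the workspace for later steps to pick up.
    rm -f application.p12 installer.p12
    security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_KEYCHAIN_PASS" build.keychain
    OSX_CODESIGN_EXTRAS="--entitlements ${GITHUB_WORKSPACE}/applications/minotari_node/osx-pkg/entitlements.xml"
    cd buildtools
    # export target_release="target/${{ matrix.builds.target }}/release"
    # matrix.builds.target=macos-universal
    # matrix.builds.name=macos-universal
    export target_release="osxuni/macos-universal"
    mkdir -p "${{ runner.temp }}/osxpkg"
    export tarball_parent="${{ runner.temp }}/osxpkg"
    export tarball_source="${{ env.TARI_NETWORK_DIR }}"
    ./create_osx_install_zip.sh unused nozip
    ARRAY_FILES=( $(echo ${TS_FILES} | jq --raw-output '.[]' | awk '{ print $1 }') )
    # Sign each file with the hardened runtime, verify the signature, then
    # copy the signed file over the unsigned universal binary.
    for FILE in "${ARRAY_FILES[@]}"; do
      codesign --options runtime --force --verify --verbose --timestamp ${OSX_CODESIGN_EXTRAS} \
        --prefix "${{ env.TS_BUNDLE_ID_BASE }}.${{ env.TS_FILENAME }}." \
        --sign "Developer ID Application: $MACOS_APPLICATION_ID" \
        "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE"
      codesign --verify --deep --display --verbose=4 \
        "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE"
      cp -vf "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/runtime/$FILE" \
        "${{ github.workspace }}/osxuni/macos-universal/"
    done
    distDirPKG=$(mktemp -d -t ${{ env.TS_FILENAME }})
    echo "${distDirPKG}"
    echo "distDirPKG=${distDirPKG}" >> $GITHUB_ENV
    TS_Temp=${{ env.TS_FILENAME }}
    TS_BUNDLE_ID_VALID_NAME=$(echo "${TS_Temp//_/-}")
    TS_ARCH=universal
    pkgbuild --root "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}" \
      --identifier "${{ env.TS_BUNDLE_ID_BASE }}.pkg.${TS_BUNDLE_ID_VALID_NAME}" \
      --version "${TARI_VERSION}" \
      --install-location "/tmp/tari" \
      --scripts "${{ runner.temp }}/osxpkg/${{ env.TARI_NETWORK_DIR }}/scripts" \
      --sign "Developer ID Installer: ${MACOS_INSTALLER_ID}" \
      "${distDirPKG}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg"
    echo -e "Submitting to Apple...\n\n"
    xcrun notarytool submit \
      "${distDirPKG}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg" \
      --apple-id "${MACOS_NOTARIZE_USERNAME}" \
      --password "${MACOS_NOTARIZE_PASSWORD}" \
      --team-id "${MACOS_ASC_PROVIDER}" \
      --verbose --wait 2>&1 | tee -a notarisation.result
    # Maybe use line from with "Processing complete"?
    # The pipe into tee hides notarytool's exit status, so the result is
    # read back from the captured output instead.
    requestUUID=$(tail -n5 notarisation.result | grep "id:" | cut -d" " -f 4)
    requestSTATUS=$(tail -n5 notarisation.result | grep "\ \ status:" | cut -d" " -f 4)
    if [[ ${requestUUID} == "" ]] || [[ ${requestSTATUS} != "Accepted" ]]; then
      echo "## status: ${requestSTATUS} - could not notarize - ${requestUUID} - ${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg"
      exit 1
    else
      echo "Notarization RequestUUID: ${requestUUID}"
      echo -e "\nStapling package...\
        ${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg\n"
      xcrun stapler staple -v \
        "${distDirPKG}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg"
    fi
    cd "${distDirPKG}"
    echo "Compute pkg shasum"
    ${SHARUN} "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg" \
      >> "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg.sha256"
    cat "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg.sha256"
    echo "Checksum verification for pkg is "
    ${SHARUN} --check "${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg.sha256"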
# Publishes the notarized .pkg and its .sha256 file, when the step above
# produced them.
- name: Artifact upload for macOS universal pkg
  if: startsWith(runner.os,'macOS')
  continue-on-error: true
  uses: actions/upload-artifact@v4
  with:
    name: ${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}.pkg
    path: "${{ env.distDirPKG }}/${{ env.TS_FILENAME }}-macos-universal-${{ env.TARI_VERSION }}*.pkg*"

# Same archive-and-digest sequence as the per-target builds, applied to the
# universal binaries.
- name: Archive and Checksum macOS universal Binaries
  shell: bash
  working-directory: osxuni/macos-universal
  run: |
    # set -xo pipefail
    BINFILE="${BINFN}-macos-universal"
    echo "BINFILE=${BINFILE}" >> $GITHUB_ENV
    echo "Archive ${BINFILE} into ${BINFILE}.zip"
    echo "Compute files shasum into ${BINFILE}.sha256"
    ${SHARUN} * >> "${BINFILE}.sha256"
    echo "Show the shasum"
    cat "${BINFILE}.sha256"
    echo "Checksum verification for files is "
    ${SHARUN} --check "${BINFILE}.sha256"
    7z a "${BINFILE}.zip" *
    echo "Compute archive shasum into ${BINFILE}.zip.sha256"
    ${SHARUN} "${BINFILE}.zip" >> "${BINFILE}.zip.sha256"
    echo "Show the shasum from ${BINFILE}.zip.sha256"
    cat "${BINFILE}.zip.sha256"
    echo "Checksum verification archive is "
    ${SHARUN} --check "${BINFILE}.zip.sha256"

- name: Artifact upload for Archive
  uses: actions/upload-artifact@v4
  with:
    name: ${{ env.TS_FILENAME }}_archive-macos-universal
    path: "${{ github.workspace }}/osxuni/macos-universal/${{ env.BINFILE }}.zip*"
# Runs for release tags only. This is the one job that asks for a token
# scope: contents: write, needed to create the draft release.
create-release:
  if: ${{ startsWith(github.ref, 'refs/tags/v') }}
  runs-on: ubuntu-latest
  needs: builds
  env:
    TARI_VERSION: ${{ needs.builds.outputs.TARI_VERSION }}
  permissions:
    contents: write
  steps:
    - name: Download binaries
      uses: actions/download-artifact@v4
      with:
        path: ${{ env.TS_FILENAME }}
        pattern: "${{ env.TS_FILENAME }}*"
        merge-multiple: true

    # Concatenates every .sha256 file into one list and re-checks the
    # downloaded files against it. The list is built from digests that the
    # build jobs produced themselves and, as the file name says, is not
    # signed: it shows the files arrived intact, not who produced them.
    - name: Verify checksums and Prep Uploads
      shell: bash
      working-directory: ${{ env.TS_FILENAME }}
      run: |
        # set -xo pipefail
        sudo apt-get update
        sudo apt-get --no-install-recommends --assume-yes install dos2unix
        ls -alhtR
        if [ -f "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}" ] ; then
          rm -fv "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
        fi
        # Merge all sha256 files into one
        find . -name "*.sha256" -type f -print | xargs cat >> "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
        dos2unix --quiet "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
        cat "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
        sha256sum --ignore-missing --check "${{ env.TS_FILENAME }}-${{ env.TARI_VERSION }}.${{ env.TS_SIG_FN }}"
        ls -alhtR

    # The release is created as a draft pre-release and only unreleased
    # entries are updated, so publishing remains a manual step.
    # NOTE(review): this third-party action receives the write-scoped token
    # and is pinned to a major tag; a full commit SHA is the stronger pin.
    - name: Create release
      uses: ncipollo/release-action@v1
      with:
        artifacts: "${{ env.TS_FILENAME }}*/**/*"
        token: ${{ secrets.GITHUB_TOKEN }}
        prerelease: true
        draft: true
        allowUpdates: true
        updateOnlyUnreleased: true
        replacesArtifacts: true
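# Sorts the release files into per-platform folders and copies them to the
# "current/" prefix of the S3 bucket. Skipped when the AWS secret is empty.
- name: Sync assets to S3
  continue-on-error: true
  # The former "matrix.builds.runs-on != 'self-hosted'" clause was dropped:
  # this job has no matrix, so the value was always empty and the clause
  # always true, which made it look like a guard that was not there.
  if: ${{ env.AWS_SECRET_ACCESS_KEY != '' }}
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    # Passed through the environment so the values reach the script as
    # data instead of being pasted into its text.
    S3_REGION: ${{ secrets.AWS_REGION }}
    S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
    S3CMD: "cp"
    S3OPTIONS: '--recursive --exclude "*" --include "*.sha256*" --include "*.zip*" --include "*.pkg*" --include "*installer.exe*"'
  shell: bash
  working-directory: ${{ env.TS_FILENAME }}
  run: |
    echo "Upload processing ..."
    ls -alhtR
    echo "Clean up"
    # Bash check if file with wildcards, does not work as expected
    echo "Folder setup"
    if ls ${{ env.TS_FILENAME }}*linux* > /dev/null 2>&1 ; then
      mkdir -p "linux/${{ env.TARI_NETWORK_DIR }}/"
      mv -v ${{ env.TS_FILENAME }}*linux* "linux/${{ env.TARI_NETWORK_DIR }}/"
    fi
    if ls ${{ env.TS_FILENAME }}*macos* > /dev/null 2>&1 ; then
      mkdir -p "osx/${{ env.TARI_NETWORK_DIR }}/"
      mv -v ${{ env.TS_FILENAME }}*macos* "osx/${{ env.TARI_NETWORK_DIR }}/"
    fi
    if ls ${{ env.TS_FILENAME }}*windows* > /dev/null 2>&1 ; then
      mkdir -p "windows/${{ env.TARI_NETWORK_DIR }}/"
      mv -v ${{ env.TS_FILENAME }}*windows* "windows/${{ env.TARI_NETWORK_DIR }}/"
    fi
    ls -alhtR
    aws --version
    echo "ls current"
    aws s3 ls --region "${S3_REGION}" \
      "s3://${S3_BUCKET}/current/"
    echo "Upload current"
    # S3CMD and S3OPTIONS stay as template expressions on purpose: the
    # option string carries its own quoting (--exclude "*"), which only
    # survives when the shell parses it as part of the script text.
    aws s3 ${{ env.S3CMD }} --region "${S3_REGION}" \
      . \
      "s3://${S3_BUCKET}/current/" \
      ${{ env.S3OPTIONS }}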